Beware! Find My Mobile App Vulnerability Allows Remote Device Unlocking

CVSS v3.1: 7.6

Samsung’s Find My Mobile app, which helps users locate and secure their lost or stolen devices, was found to have a vulnerability that could allow remote device unlocking.

The vulnerability identified as CVE-2023-42571 has a CVSS score of 7.6 out of 10, meaning it is a high severity issue. It affects versions of Find My Mobile prior to and allows an attacker with physical access to the device to remotely reset the Samsung account password linked to the device using SMS verification. Once the password is reset in this way, the attacker can then remotely unlock the device.

This vulnerability poses a risk as it essentially bypasses the security of Samsung’s Find My Mobile feature, which is meant to help secure devices that are lost or stolen. An attacker who gains physical access to a lost device could exploit this issue to unlock the device remotely without the owner’s permission or knowledge.

Samsung users are advised to immediately update their Find My Mobile app to the latest version or above to patch this vulnerability. It is also recommended that users enable strong passwords and two-factor authentication for their Samsung accounts for additional protection. Being vigilant about keeping apps and software updated is key to protecting devices from cyber threats.